Within three years, the Pentagon’s Cyber Command will deploy more than 100 teams focused predominantly on defending military networks rather than attacking adversaries’ systems, according to Defense Department officials.
The department recently reorganized Cyber Command, which since 2010 has directed offensive and defensive operations in cyberspace, into three “mission forces.” Two of those forces will engage in digital assaults, while the third will shield the dot-mil domain. The Washington Post first reported the organizational structure in late January.
The organization defending military networks -- cyber protection forces -- will comprise more than 60 teams, a Pentagon official said. The other two organizations -- combat mission forces and national mission forces -- will conduct offensive operations. National mission forces will employ 13 teams focused on securing U.S. private networks powering critical infrastructure such as transportation systems and other vital industries, the official said.
At a Senate Armed Forces hearing last Tuesday, Gen. Keith Alexander, head of Cyber Command, said the combat mission forces will include 27 teams and would “support the combatant commands in their planning process for offensive cyber capabilities.”
Preparations are “on track” to stand up all three forces by September 2015 he said, crediting military service chiefs for pushing the formations.
The mix and number of service members, contractors and civilians in each team is still unknown. The military services have different cyber skill requirements -- needs that have been complicated by a national talent shortage. And each service is working through the financial constraints of sequestration -- blanket spending cuts that kicked in governmentwide on March 1.
Training is “the key part” of building up the teams, Alexander said.
Cyber offensive and defensive forces will be embedded within each geographic military command, Pentagon officials said in February.
Regarding the national mission forces, Defense officials toldNextgov in January that those teams will be “prepared to conduct full spectrum cyber operations in order to mitigate threats to our nation and its critical infrastructure."
Dispatching cyber troops to U.S. networks has since raised questions about military overreach. A 2003 presidential directive stipulates that the Department of Homeland Security, not Defense, must play the primary role in any governmentwide effort to protect U.S. critical infrastructure.
During last week’s hearing, Alexander clarified the role of national mission forces: “This defend-the-nation team is not a defensive team. This is an offensive team.” The Pentagon would deploy that offensive cadre if the nation were attacked in cyberspace, he added.
Alexander works closely with DHS Secretary Janet Napolitano, he said. Alexander, Napolitano and FBI Director Robert Mueller “all see eye to eye on the importance of cyber, of supporting each other in these cyber missions,” he said.
Alexander described Homeland Security officials as “the lead for domestic cybersecurity” and said they “help protect federal networks and critical infrastructure.”
Alexander added, however, “To act quickly we must have clear lanes of responsibility and rules of engagement.”